JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.40.130

104.207.40.130 was found in our database!

This IP was reported 132 times. Confidence of Abuse is 10%: ?

10%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.40.130

Whois 104.207.40.130

IP Abuse Reports for 104.207.40.130:

This IP address has been reported a total of 132 times from 16 distinct sources. 104.207.40.130 was first reported on June 4th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Jason Howell	2026-06-12 02:36:32 (1 week ago)	104.207.40.130 - - [11/Jun/2026:20:57:41 -0500] "GET /wp-login.php HTTP/1.1" 200 5865 "https://www.g ... show more 104.207.40.130 - - [11/Jun/2026:20:57:41 -0500] "GET /wp-login.php HTTP/1.1" 200 5865 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 104.207.40.130 - - [11/Jun/2026:20:57:42 -0500] "POST /wp-login.php HTTP/1.1" 200 5966 "https://abstractco.com/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 104.207.40.130 - - [11/Jun/2026:20:57:42 -0500] "GET /wp-admin/ HTTP/1.1" 302 4188 "https://abstractco.com/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 104.207.40.130 - - [11/Jun/2026:20:57:43 -0500] "GET /wp-login.php?redirect_to=https%3A%2F%2Fwww.abstractco.com%2Fwp-admin%2F&reauth=1 HTTP/1.1" 200 8026 "https://abstractco.com/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 104.207.40.130 - - [11/Jun/2026:21: ... show less	Web App Attack
🇫🇮 inlink.ltd	2026-05-23 18:24:31 (4 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
🇺🇸 TPI-Abuse	2026-01-24 10:18:48 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 24 05:18:39.350033 2026] [security2:error] [pid 10850:tid 10850] [client 104.207.40.130:49135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "havelocktruckandauto.ca"] [uri "/wp-config.php.log"] [unique_id "aXScfzbqB1wM9yaSIksQVgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-22 16:05:02 (5 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇦🇺 MAGIC	2025-12-20 01:13:20 (6 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-25 06:23:39 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:23:32.575518 2025] [security2:error] [pid 910682:tid 910682] [client 104.207.40.130:31213] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.1214productions.com"] [uri "/.env"] [unique_id "aSVLZK0-EEdS0KTcs-xHugAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:48:03 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:47:54.516535 2025] [security2:error] [pid 13172:tid 13172] [client 104.207.40.130:28601] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.whatifandwhynot.xyz"] [uri "/.env"] [unique_id "aSU0-kgso2txmGMyKwsPygAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:08:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:08:22.062599 2025] [security2:error] [pid 8748:tid 8748] [client 104.207.40.130:11563] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.thepinman.org"] [uri "/.env"] [unique_id "aSUdpkcvshedmUKUsLCw4wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ingroscart.it	2025-11-25 03:08:03 (6 months ago)	(mod_security) mod_security triggered on hostname [redacted] 104.207.40.130 (US/United States/-)	SQL Injection
🇺🇸 TPI-Abuse	2025-11-25 02:16:15 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:16:06.827481 2025] [security2:error] [pid 19357:tid 19357] [client 104.207.40.130:37683] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.greybird.cc"] [uri "/.env"] [unique_id "aSURZqPycSdKqzHlZZ16xAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:44:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:44:17.316123 2025] [security2:error] [pid 25659:tid 25659] [client 104.207.40.130:18239] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sample.terrellfletcher.com"] [uri "/.svn/wc.db"] [unique_id "aST74YQvU7Kd4Bwnom0PiQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 10:48:21 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇨🇦 wil.com	2025-10-29 04:43:41 (7 months ago)	GlobalProtect login attempts with user rmorzehowski.	VPN IP Brute-Force
🇨🇦 wil.com	2025-10-29 02:23:35 (7 months ago)	GlobalProtect login attempts with user mariecitrus.	VPN IP Brute-Force
Anonymous	2025-10-17 07:09:08 (8 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.17 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.17 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 132 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 212.32.76.14

🇺🇸 207.244.237.48

🇬🇧 193.35.56.108

🇧🇷 177.18.195.107

🇺🇸 172.217.36.217

🇱🇹 91.224.92.17

🇵🇱 87.251.64.157

🇷🇺 77.222.104.55

🇳🇱 45.156.128.122

🇷🇴 2.57.122.238

🇲🇿 196.28.226.66

🇯🇵 118.193.61.170

🇺🇸 103.203.57.2

🇺🇸 66.132.186.138

🇺🇸 35.130.111.146

🇺🇸 23.94.252.189

🇬🇧 2a06:4880:6000::

🇳🇱 206.223.236.169

🇳🇱 204.76.203.206

🇺🇸 204.48.19.65